CVE-2023-4835

CRITICAL

CF Software Oil Management Software <20230912 - SQL Injection

Title source: llm
STIX 2.1

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection. This issue affects Oil Management Software: before 20230912 .

References (2)

Core 2
Core References
Third Party Advisory government-resource broken-link
https://www.usom.gov.tr/bildirim/tr-23-0533

Scores

CVSS v3 9.8
EPSS 0.0055
EPSS Percentile 42.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (2)
CF Software/Oil Management Software < 20230912
petroleum_management_software_application_project/petroleum_management_software_application < 20230912
Published Sep 15, 2023
Tracked Since Feb 18, 2026